<?php

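/**
 * Render the admin login form and, on POST, authenticate the submitted
 * credentials against the `users` table.
 *
 * On success the "adminlogin" session is started, its id regenerated, and it
 * is populated with the user's display name and username; the browser is then
 * redirected to the admin panel. On failure the form is printed followed by a
 * generic error, and the script stops.
 *
 * The POST is now handled *before* any output: the original echoed the form
 * first, so session_start() and header("Location: ...") ran after output had
 * been sent and only worked when output buffering happened to be enabled.
 *
 * NOTE(review): authentication still relies on MySQL's PASSWORD() hash and
 * the legacy mysql_* extension (removed in PHP 7). Moving to
 * password_hash()/password_verify() and prepared statements requires a schema
 * change and is out of scope here. die(mysql_error()) also leaks database
 * details to the client; replace with a generic message in production.
 */
function showLogin(){
	if (!empty($_POST)){
		$username = isset($_POST['username']) ? (string) $_POST['username'] : '';
		$password = isset($_POST['password']) ? (string) $_POST['password'] : '';
		// Both values are escaped for the SQL string context; the lookup
		// itself matches the stored PASSWORD() digest inside MySQL.
		$query = sprintf ("SELECT * FROM users WHERE UserName ='%s' AND Password=PASSWORD('%s')",
			mysql_real_escape_string ($username),
			mysql_real_escape_string ($password));
		$result = mysql_query($query)
			or die (mysql_error());
		if (mysql_num_rows($result) == 1){
			$user = mysql_fetch_array ($result);
			session_name("adminlogin");
			session_start();
			// Drop any session id the client arrived with so a pre-planted id
			// (session fixation) cannot be promoted to an authenticated one.
			session_regenerate_id(true);
			$_SESSION['sessionid'] = session_id();
			$_SESSION['loggedonuser'] = $user['FirstName']." ".$user['SurName'];
			$_SESSION['loggedonusername'] = $user['UserName'];
			header("Location: index.php?action=adminpanel");
			exit();
		}
		// Wrong credentials: show the form again, then the (deliberately
		// unspecific) error. Same output order as before.
		showLoginForm();
		$tekst = "Please enter a valid username/password combination!<br> ";
		die($tekst);
	}
	showLoginForm();
}

/**
 * Print the administration login form; shown on first visit and again after
 * a failed login attempt.
 */
function showLoginForm(){
	echo"	<h2>TEDx Hanze Administration Panel</h2>";
	echo"	<form method='post' action='index.php?action=login'>";
	echo"	Username: <input type=\"text\" name=\"username\"> <br><br>";
	echo"	Password: <input type=\"Password\" name=\"password\"> <br/><br>";
	echo"	<input type=\"submit\" name=\"submit\" value=\"Log In\"/>";
}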

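/**
 * Render the "Registrations" table for a logged-in administrator.
 *
 * Requires the "adminlogin" session created by showLogin(); without it the
 * function prints an "unauthorized" message and stops. Sorting is driven by
 * ?orderby=<column>&method=<asc|desc>; both values are checked against fixed
 * whitelists before they are interpolated into the ORDER BY clause. Every
 * value read from the database is HTML-escaped before output — the original
 * echoed subscriber fields raw, which is a stored-XSS vector if those fields
 * are filled in by the subscribers themselves (presumably; the registration
 * form is not in this file).
 *
 * NOTE(review): the "Invite selected!" form carries no CSRF token, so a
 * logged-in admin who visits a hostile page can be made to invite people.
 * A token issued here must be checked in confirmAdminpanel(); that change
 * spans both functions and is not made in this edit.
 */
function showAdminpanel(){
	session_name("adminlogin");
	session_start();

	// Server-side session data is only populated by a successful login, so
	// isset() is the real gate. The id comparison is kept from the original
	// but made strict, and a mismatch now refuses access instead of silently
	// rendering an empty page.
	if (!isset($_SESSION['sessionid']) || $_SESSION['sessionid'] !== session_id()){
		die("You are not authorized to view this page. <a href='index.php?action=login'>Please login first!</a>");
	}

	// Display name comes from the users table; escape it like any other data.
	echo"	Welkom ".htmlspecialchars($_SESSION['loggedonuser'], ENT_QUOTES, 'UTF-8')."";

	// Only these exact column names and directions may reach ORDER BY.
	$attributes = array ("FirstName", "SurName", "Email", "Country", "Occupation", "Website", "Invitedby");
	$methods = array ("asc", "desc");
	$order = "";
	$method = 'asc';

	if (isset($_GET['orderby']) && in_array ($_GET['orderby'], $attributes, true)){
		$order = $_GET['orderby'];
		// The submitted direction is flipped: the column links carry the
		// direction for the *next* click, and that same value is used for
		// the current query. An absent or invalid direction stays 'asc'.
		if (isset($_GET['method']) && in_array ($_GET['method'], $methods, true)){
			$method = ($_GET['method'] === 'asc') ? 'desc' : 'asc';
		}
	}

	if (empty($order)){
		// Default ordering. The original wrote ORDER BY 'LastName': a quoted
		// string constant, which MySQL does not sort by at all, naming a
		// column this panel does not otherwise use. SurName is the surname
		// column used everywhere else here.
		$sql = "SELECT * FROM subscribers WHERE confirmed = '1' ORDER BY SurName";
	}
	else{
		// $order and $method are whitelisted above, so interpolation is safe.
		$sql = "SELECT * FROM subscribers WHERE confirmed = '1' ORDER BY $order $method";
	}
	$res = mysql_query($sql)
		or die (mysql_error());

	echo"	<table><th width='880px' align='center'>Registrations TEDx Hanze</th></table><table>";
	echo"	<form method='post' action='index.php?action=confirm'>";
	showAdminpanelHeaderRow($method);

	// One row per confirmed subscriber. The e-mail doubles as the checkbox
	// value, so it is escaped once and reused in attribute context.
	while ($row = mysql_fetch_assoc ($res)){
		$email = htmlspecialchars($row['Email'], ENT_QUOTES, 'UTF-8');
		echo"	<tr>";
		echo"		<td>".htmlspecialchars($row['FirstName'], ENT_QUOTES, 'UTF-8')."</td>";
		echo"		<td>".htmlspecialchars($row['SurName'], ENT_QUOTES, 'UTF-8')."</td>";
		echo"		<td>".$email."</td>";
		echo"		<td>".htmlspecialchars($row['Country'], ENT_QUOTES, 'UTF-8')."</td>";
		echo"		<td>".htmlspecialchars($row['Occupation'], ENT_QUOTES, 'UTF-8')."</td>";
		echo"		<td>".htmlspecialchars($row['Website'], ENT_QUOTES, 'UTF-8')."</td>";
		echo"		<td>".htmlspecialchars($row['Motivation'], ENT_QUOTES, 'UTF-8')."</td>";
		if (empty($row['Invitedby'])){
			echo"	<td><i>Not yet invited</i></td>";
			echo"	<td><input type='checkbox' name='confirm[]' value='".$email."'></td>";
		}
		else{
			echo"		<td>".htmlspecialchars($row['Invitedby'], ENT_QUOTES, 'UTF-8')."</td>";
			echo"		<td><input type='checkbox' name='confirm[]' value='".$email."' checked='checked'></td>";
		}
		echo"	</tr>";
	}

	// The header row is repeated as a footer; only the Motivation cell differs.
	showAdminpanelHeaderRow($method, " width='150px'");
	echo"	</form></table>";
	echo"	<form method='post' action='index.php?action=logoff'>";
	echo"	<input type='submit' name='logout' value='Log off'></form>";
}

/**
 * Emit one header/footer row of the registrations table with sort links.
 *
 * @param string $method         direction ("asc"/"desc") placed in every
 *                               sort link; already whitelisted by the caller
 * @param string $motivationAttr extra attribute text for the Motivation cell
 *                               (the footer row fixes its width, the header
 *                               row does not)
 */
function showAdminpanelHeaderRow($method, $motivationAttr = ''){
	echo"	<tr>";
	echo" 		<th width='100px'><a href='?action=adminpanel&orderby=FirstName&method=$method'>Firstname:</a></th>";
	echo" 		<th width='100px'><a href='?action=adminpanel&orderby=SurName&method=$method'>Surname:</a></th>";
	echo" 		<th width='200px'><a href='?action=adminpanel&orderby=Email&method=$method'>Email:</a></th>";
	echo" 		<th width='100px'><a href='?action=adminpanel&orderby=Country&method=$method'>Country:</a></th>";
	echo" 		<th width='100px'><a href='?action=adminpanel&orderby=Occupation&method=$method'>Occupation:</a></th>";
	echo"		<th{$motivationAttr}>Motivation:</th>";
	echo" 		<th width='250px'><a href='?action=adminpanel&orderby=Website&method=$method'>Website:</a></th>";
	echo"		<th width='100px'><a href='?action=adminpanel&orderby=Invitedby&method=$method'>Invited by:</a></th>";
	echo"		<th><input type='submit' name='submit' value='Invite selected!'>";
	echo"	</tr>";
}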

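/**
 * Terminate the "adminlogin" session.
 *
 * Acts only on a POST carrying the `logout` button from the admin panel and
 * only when a login session exists; otherwise it prints a link to the login
 * page. On logoff the session data is cleared, the session cookie is expired
 * in the browser, and the server-side session is destroyed.
 */
function logoff(){
	session_name("adminlogin");
	session_start();
	// !empty() keeps the original truthiness test but no longer raises an
	// undefined-index notice when the page is requested with GET.
	if (isset($_SESSION['sessionid']) && !empty($_POST['logout'])){
		session_unset();
		// session_destroy() alone leaves the cookie in the browser; expire it
		// with the same parameters it was issued with (per the PHP manual).
		if (ini_get("session.use_cookies")){
			$params = session_get_cookie_params();
			setcookie(session_name(), '', time() - 42000,
				$params["path"], $params["domain"],
				$params["secure"], $params["httponly"]);
		}
		session_destroy();
		echo"	You have succesfully logged off. Click <a href='../index.php'>here</a> to return to the homepage.";
	}
	else {
		echo"	Please <a href='index.php?action=login'>login</a> first";
	}
}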
		

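/**
 * Mark the subscribers selected in the admin panel as invited.
 *
 * Expects a POST whose `confirm[]` array holds subscriber e-mail addresses.
 * For each one `InvitedBy` is set to the logged-on admin's username and the
 * subscriber's name is echoed back. The original accepted this POST from
 * anyone — no session check — so an unauthenticated client could rewrite
 * InvitedBy for arbitrary rows; the same gate as showAdminpanel() is applied
 * here now. The name lookup also interpolated the submitted e-mail unescaped
 * (SQL injection); it now uses the escaped value like the UPDATE does.
 *
 * NOTE(review): no CSRF token is checked; adding one requires showAdminpanel()
 * to issue it. Also, already-invited subscribers are re-submitted checked, so
 * their InvitedBy is overwritten with the current admin, and unchecking does
 * not undo an invitation — confirm that is intended.
 */
function confirmAdminpanel(){
	session_name("adminlogin");
	session_start();

	if (!isset($_SESSION['sessionid']) || $_SESSION['sessionid'] !== session_id()){
		die("You are not authorized to view this page. <a href='index.php?action=login'>Please login first!</a>");
	}

	// A submission with nothing ticked has no 'confirm' key at all; treat it
	// as an empty selection rather than warning on count()/foreach.
	$selected = (isset($_POST['confirm']) && is_array($_POST['confirm'])) ? $_POST['confirm'] : array();
	$invitedBy = mysql_real_escape_string ($_SESSION['loggedonusername']);

	echo"	De volgende gebruikers zijn uitgenodigd:<br>";
	foreach ($selected as $email){
		// Nested arrays (confirm[][]=...) are not addresses; skip them.
		if (!is_string($email)){
			continue;
		}
		$safeEmail = mysql_real_escape_string ($email);
		$sql = sprintf ("UPDATE subscribers SET InvitedBy = '%s' WHERE Email = '%s'",
			$invitedBy, $safeEmail);
		mysql_query($sql)
			or die (mysql_error());

		$sql = "SELECT FirstName, SurName FROM subscribers WHERE Email = '".$safeEmail."'";
		$res = mysql_query($sql)
			or die (mysql_error());
		while(list($firstname, $surname) = mysql_fetch_row ($res)){
			// Names are stored user text; escape before echoing.
			echo"	".htmlspecialchars($firstname, ENT_QUOTES, 'UTF-8')."  ".htmlspecialchars($surname, ENT_QUOTES, 'UTF-8')."<br>";
		}
	}

	echo"	<a href='index.php?action=adminpanel'>Terug naar het beginscherm!</a>";
}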

?>